{"id":6638,"date":"2017-02-15T08:32:28","date_gmt":"2017-02-15T16:32:28","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/02\/15\/news-457\/"},"modified":"2017-02-15T08:32:28","modified_gmt":"2017-02-15T16:32:28","slug":"news-457","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/02\/15\/news-457\/","title":{"rendered":"Researchers trick &#039;CEO&#039; email scammer into giving up identity"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt2.staticworld.net\/images\/article\/2017\/02\/img_20170214_222940-100709087-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Michael Kan| Date: Wed, 15 Feb 2017 08:13:00 -0800<\/strong><\/p>\n<p> Businesses targeted in email scams don\u2019t always have to play the victim. They can actually fight back. <\/p>\n<p> Researchers at Dell SecureWorks have documented how they identified a suspected email scammer from Nigeria by essentially playing along with the scheme to fool the attacker into revealing his true whereabouts. <\/p>\n<p> Anyone can use these tips, said Joe Stewart, director of malware research at SecureWorks.\u00a0\u201cWe\u2019re letting [the scammers] give us all the information about themselves,\u201d he said. <\/p>\n<p> The email scheme involved a fraudster impersonating a CEO in what\u2019s called a business email spoofing attack. The goal is often to trick a victim into wiring funds to the scammer\u2019s bank account. <\/p>\n<p> Although a business can train its employees to learn how to spot these suspicious emails, that won\u2019t necessarily stop the attack, especially since it\u2019s easy for anyone to continually bombard a victim with emails, SecureWorks said. <\/p>\n<p> Instead, a business\u2019 IT security staff can fight back and disrupt the scammer\u2019s operations.
They can do this by first replying to an email scam and pretending to act like a gullible victim.\u00a0 <\/p>\n<p> This was how SecureWorks managed to eventually identify an email scammer from Nigeria who targeted a U.S. technology company in November. SecureWorks was brought in to investigate and decided to fool the fraudster into thinking his scheme had worked. \u00a0 <\/p>\n<p> The scammer had tried to trick the technology firm into wiring funds to a bank account by impersonating its CEO. SecureWorks pretended to comply, which caused the scammer to turn greedy. <\/p>\n<p> \u201cHe started asking for $18,000,\u201d said James Bettke, a SecureWorks researcher. \u201cAnd then after that, he said, \u2018Oh that\u2019s a typo. It\u2019s a $118,000.\u2019\u201d <\/p>\n<p> One of the emails sent by the scammer. <\/p>\n<p> To try to identify the scammer, SecureWorks decided to email back a PDF-based receipt indicating the wire transfer had been completed. In reality, the receipt was a decoy that, when clicked on, sent off the recipient\u2019s IP address and other web browser information. <\/p>\n<p> The researchers found that their scammer was using an internet service provider in Lagos, Nigeria, and was viewing the receipt on an iPhone. <\/p>\n<p> SecureWorks continued to play a gullible victim by claiming the wire transfer had failed. That forced the scammer to hand over details to other bank accounts. The researchers then took that information and notified the responsible bank that these accounts were being used for fraud, shutting them down. <\/p>\n<p> To find out more about the scammer, the researchers sent another decoy receipt of a wire transfer that forced the recipient to enter a legitimate mobile phone number to view the form. <\/p>\n<p> The scammer fell for the ruse. Using Facebook, the researchers found that the entered phone number was tied to a user named \u201cSeun,\u201d which the researchers believe is a real account.
\u00a0\u00a0 <\/p>\n<p> \u201cWe know who he is,\u201d Stewart said. \u201cWe could report him to the EFCC (The Economic and Financial Crimes Commission in Nigeria). But he didn\u2019t get away with any money.\u201d <\/p>\n<p> So instead, SecureWorks is publicizing information about the fraudster\u2019s scams, including the email addresses he used. <\/p>\n<p> \u201cIf anybody has actually lost money to him, then they can approach law enforcement,\u201d Stewart said. \u201cThat would be our best case scenario.\u201d <\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3170115\/security\/researchers-trick-ceo-email-scammer-into-giving-up-identity.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt2.staticworld.net\/images\/article\/2017\/02\/img_20170214_222940-100709087-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Michael Kan| Date: Wed, 15 Feb 2017 08:13:00 -0800<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p> Businesses targeted in email scams don\u2019t always have to play the victim. They can actually fight back.<\/p>\n<p> Researchers at Dell SecureWorks have documented how they identified a suspected email scammer from Nigeria by essentially playing along with the scheme to fool the attacker into revealing his true whereabouts.<\/p>\n<p> Anyone can use these tips, said Joe Stewart, director of malware research at SecureWorks.\u00a0\u201cWe\u2019re letting  [the scammers] give us all the information about themselves,\u201d he said.<\/p>\n<p> The email scheme involved a fraudster impersonating a CEO in what\u2019s called a business email spoofing attack. 
The goal is often to trick a victim into wiring funds to the scammer\u2019s bank account.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3170115\/security\/researchers-trick-ceo-email-scammer-into-giving-up-identity.html#jump\">To read this article in full or to leave a comment, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[11072,714],"class_list":["post-6638","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-cybercrime-hacking","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6638","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=6638"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6638\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=6638"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=6638"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=6638"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}